History: Nov 15, 2017 - 3:29 a.m.

CVE-2017-11884

2017-11-15 03:29:01
CWE-119
microsoft
web.nvd.nist.gov
In Wild
Tags: microsoft, excel 2016, click-to-run, c2r, memory corruption, vulnerability, cve-2017-11884, nvd

CVSS2: 9.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.3
Confidence: High

EPSS: 0.974
Percentile: 99.9%

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11882.

Affected configurations

Node: microsoft excel, Match: 2016 click-to-run

Vendor: microsoft
Product: excel
Version: 2016
CPE: cpe:2.3:a:microsoft:excel:2016:*:*:*:click-to-run:*:*:*

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Excel 2016 Click-to-Run (C2R)"
      }
    ]
  }
]
